Vulnerabilities > CVE-2023-49790 - Unspecified vulnerability in Nextcloud
Attack vector
PHYSICAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW low complexity
nextcloud
Summary
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.
Vulnerable Configurations
References
- https://github.com/nextcloud/ios/pull/2665
- https://github.com/nextcloud/ios/pull/2665
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv
- https://hackerone.com/reports/2245437
- https://hackerone.com/reports/2245437